Team-Xecuter coming to your Nintendo Switch console!
| #35809 posted 2018-01-07 @ 04:39 GMT |
OP Json: https://gbatemp.net/threads/team-xecuter-coming-to-your-nintendo-switch-console.493184/
In the light of a recent presentation at the Chaos Communication Congress in Germany we've decided to come out of the woodwork and tease you all a bit with our latest upcoming product.
This solution will work on ANY Nintendo Switch console regardless of the currently installed firmware, and will be completely future proof. This is *the* solution for opening up CFW (Custom FirmWare) on the Nintendo Switch. We want to move the community forward and provide a persistent, stable and fast method of running your own code and custom firmware patches on Nintendo's latest flagship product. And we think we've succeeded!
Below you can find a quick video showcasing a Nintendo Switch booting up, but there's something funny going on, can you spot it?
For all the non-believers and technically capable people! Try the following key to decrypt STAGE2 of the bootloader (1.0.0 up till 2.3.0):
Keep an eye on this space, more news and updates are coming!
Watch Team Xecuter for more info Here
[ This message was edited by codemasterv on 2018-01-07 @ 04:40 GMT ]
[ This message was edited by codemasterv on 2018-01-07 @ 04:42 GMT ]
Member games before online gaming? MEMBER!? Oh yeah I member.
| #36084 posted 2018-07-29 @ 08:33 GMT |
Team Xecuter versus the "unhackable" Switch
Recently, it has come to our attention there's a new revision of the Nintendo Switch in the wild which is incompatible with our SX Pro product. This isn't simply an incompatibility with SX Pro but rather appeared to be a fix of the infamous "USB RCM" exploit.
Naturally, we had to locate one of these new Switch units to get to the bottom of this. Our new Switch unit arrived to us at firmware version 5.1.0 and what we found out is the following (sorry, time to get a bit technical):
One of the IPATCH entries in the fuse set (entry #3) has been replaced with a new patch. The old patch patches the bootrom location 0x10fb3c with the value "00 20" (mov r0, #0 in thumb), and the new patch patches the bootrom location 0x10769a with the value "00 21" (mov r1, #0 in thumb). This new patch effectively zeroes out the upper-byte of the wLength field in the USB RCM endpoint 0 handling code.
Those who are paying attention probably wonder how we know the exact details of this IPATCH entry change, since we can't read out the fuses without our precious USB RCM exploit, right? It is a classic chicken and egg problem.
The answer is obvious: There is more than one coldboot bootrom exploit, and it is not just the warmboot one.
So don't fear: we will deliver a solution for these new "unhackable" switches in due time!
Thank you for your attention.
[ This message was edited by ps7000 on 2018-07-29 @ 09:04 GMT ]
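
The two patch values quoted in the post above, decoded as an added example that is not part of the original post or any Team Xecuter code: it reads each byte pair as a Thumb MOV-immediate instruction and models the stated effect on the 16-bit wLength field of a USB SETUP packet. The function names and the sample packet are constructed for illustration; the masking function is a model of the post's description, not bootrom code.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded Thumb-1 "MOVS Rd, #imm8" (encoding: 00100 Rd[3] imm8[8]). */
struct thumb_mov { int valid; unsigned rd; unsigned imm8; };

/* Decode two patch bytes as written in the post (little-endian halfword). */
static struct thumb_mov decode_thumb_mov(const uint8_t b[2])
{
    uint16_t hw = (uint16_t)(b[0] | (b[1] << 8));
    struct thumb_mov m = {0, 0, 0};
    if ((hw >> 11) == 0x04) {            /* top five bits 00100 = MOV immediate */
        m.valid = 1;
        m.rd    = (hw >> 8) & 0x7;       /* destination register r0..r7 */
        m.imm8  = hw & 0xFF;             /* 8-bit immediate */
    }
    return m;
}

/* wLength occupies bytes 6..7 of the 8-byte USB SETUP packet, little-endian. */
static uint16_t setup_wlength(const uint8_t setup[8])
{
    return (uint16_t)(setup[6] | (setup[7] << 8));
}

/* Model of the effect the post describes: upper byte of wLength forced to 0,
 * so the length the handler acts on can never exceed 0xFF. */
static uint16_t wlength_after_patch(const uint8_t setup[8])
{
    return (uint16_t)(setup_wlength(setup) & 0x00FF);
}

int main(void)
{
    const uint8_t old_patch[2] = {0x00, 0x20};  /* value quoted for 0x10fb3c */
    const uint8_t new_patch[2] = {0x00, 0x21};  /* value quoted for 0x10769a */
    /* Constructed SETUP packet; only the wLength bytes (0x1234) matter here. */
    const uint8_t setup[8] = {0x80, 0x06, 0x00, 0x01, 0x00, 0x00, 0x34, 0x12};

    struct thumb_mov o = decode_thumb_mov(old_patch);
    struct thumb_mov n = decode_thumb_mov(new_patch);
    printf("old patch: movs r%u, #%u\n", o.rd, o.imm8);
    printf("new patch: movs r%u, #%u\n", n.rd, n.imm8);
    printf("wLength requested 0x%04x, after patch 0x%04x\n",
           setup_wlength(setup), wlength_after_patch(setup));
    return 0;
}
```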